Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 27 May 2016 13:19:03 -0400 (EDT)
From: cve-assign@...re.org
To: blinken@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: VLC - crash and potential code execution when processing QuickTime IMA files

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> it does not check
> that the number of channels in the input stream is less than or equal
> to the size of the buffer, resulting in an out-of-bounds write
> 
> potential for remote code execution via a malicious media file.

Use CVE-2016-5108.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXSIEeAAoJEHb/MwWLVhi2ER4QAK5kLAexK+KFPLs35LdTwYvu
YCcFcWZylzAhEXB8ukMGCrEikoXgZe5frYun/wRwmkKOauwyzGfH7kqzTEMq9cgs
ky43QVe7iSyVcsmi+jr+B2KUOq7vtTBaEhe2RR5PYG8vvseUYRO1rXiwMy7BTsSM
SwskbnIQ8IHg6RdIQ+XTnI0zOWqXmU+YT3H0P3QyqXa/2katuUAADN5/orDQSvfn
gmoh82VJc1tIJKckbEl2ivURfVPdVzb86Ng7ReJChR+YDx+MfZ9kcLZYH3982+9s
OrpGCR0NJlMurP7FWBwekrd/bgnYXXZJpiEg6Ygg39X+8TSbRNHrycfSnHj5D2At
GBcm6wdHWPROYHlQeeFng/wyxZC8qEP9LKIEQr8ypcEQT4UhJ9rQej0TTSHfXNiG
UXG3jhIHCJJEBhQQX92XrR9CYwbn3MCmrT4CE4OCKO+088w3uHPxiVMUc6T6U2Pq
ZElZ9kOLQposZe6ItuhHmPa9hOVzWpReeBZduPOdzW1PMDhfanUah7AEvp1eKn2d
waA9CBhNH/4cxwMSlZUYGjx6SB9jaTkmYYk8HmcEW40nlDlfn8RrPiSrsMZfQZHT
kO1ohrVDquQhoMycRu3GVaB9nGs+RGGfYD/XzsFSC+jb0PPuFKozdlHHonT5CP66
vq0r06z1IrJDK0Nye6Re
=ky5Z
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ